60 passwords that were too bad to trigger DDoS attack "Mirai" that took over 500,000 IoT devices

ByChristoph Scholz

It occurred in late September 2016Historically unprecedented DDoS attack of 1 terabit per secondIs created by a user who claims to be "Anna-senpai"MiraiThe malware called infected IoT device and formed a botnet was done. In many of the devices incorporated in this botnet as a "stepping stone" of attacks, the combination of user name and password, which is said to be "security only", was hard code (written directly in the source code) I understood.

These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet
https://www.grahamcluley.com/mirai-botnet-password/


Over 500,000 IoT Devices Vulnerable to Mirai Botnet | SecurityWeek.Com
http://www.securityweek.com/over-500000-iot-devices-vulnerable-mirai-botnet


The device that formed Mirai's botnet contained a lot of Chinese manufacturer's software called XiongMai (雄 ework) and hardware, and the source code included the following user name and password . If you are concerned about the security of IoT devices such as router and network camera at hand, please enter the following user name & password. If you get errors without errors, that IoT device is in an "unprotected" state.

Among the combinations, there are 11 with the same user name and password and 2 without password, which is not a level of security in terms of security.

A further problem is that the settings that make these remote IOT devices easy to do remote access are the defaults and that there is no option to turn off this option because it is described directly in the firmware up to this type of configuration is.

Graham Cluley, a security news site, commented that as a result of the demand for inexpensive IoT devices, there are manufacturers who are "happy" with various things and the risk of the Internet community increases, " .